BITS Submits Comment Letter on Encryption and Operational Risk

February 21, 2019

On February 21, BITS, the technology policy division of the Bank Policy Institute, submitted a comment letter to the National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) in response to the its notice for comments on the technology protecting consumer data in-transit across the Internet and within private networks. In the comment letter, BITS said, improper management of Transport Layer Security (TLS) Server Certificate Management puts business operations and, in some cases the nation and public, at-large at risk. BITS encourages NIST to develop automated, product agnostic and interoperable key management solutions fully considering enterprise use cases, to include passive inspection, so that businesses may continue to perform critical risk management functions for troubleshooting and security and fraud monitoring at scale within large, complex networks.